<?xml version="1.0" encoding="utf-8"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
   - License, v. 2.0. If a copy of the MPL was not distributed with this
   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
  <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
  %brandDTD;
]>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL Settings</title>
<link rel="stylesheet" href="helpFileLayout.css"
  type="text/css"/>
</head>
<body>

<h1 id="ssl_settings">SSL Settings</h1>

<p>This section describes how to set your SSL preferences.</p>

<div class="contentsBox">In this section:
  <ul>
    <li><a href="#privacy_and_security_preferences_ssl">Privacy &amp; Security
      Preferences - SSL</a></li>
  </ul>
</div>

<h2 id="privacy_and_security_preferences_ssl">Privacy &amp; Security
  Preferences - SSL</h2>

<p>This section describes how to use the SSL preferences panel. If you are not
  already viewing the panel, follow these steps:</p>

<ol>
  <li>Open the <span class="mac">&brandShortName;</span>
    <span class="noMac">Edit</span> menu and choose Preferences.</li>
  <li>Under the Privacy &amp; Security category, click SSL. (If no
    subcategories are visible, double-click Privacy &amp; Security to expand
    the list.)</li>
</ol>

<h3 id="ssl_protocol_versions">SSL Protocol Versions</h3>

<p>The <a href="glossary.xhtml#ssl">Secure Sockets Layer (SSL)</a> protocol
  defines rules governing mutual authentication between a website and browser
  software and the encryption of information that flows between them. It is
  also used for secure communication in various other protocols, e.g., for
  protection of sensitive information exchanged with email, calendar, or
  directory servers. The newer Transport Layer Security (TLS) protocol is an
  IETF standard based on SSL but with its own version numbering. TLS 1.0 can
  be thought of as SSL 3.1, TLS 1.1 is in turn an update to TLS 1.0, etc. Newer
  protocols are preferred over older ones as they provide better security and
  more features. Older protocols are supported to ensure compatibility.</p>

<p>By default, &brandShortName; will select the most secure version which is
  widely supported to connect to the server. If that attempt doesn&apos;t
  succeed, it will try to connect with the next older version, etc., to the
  extent allowed by the settings in this panel. The connection will fail if no
  protocol supported by both sides is found. You can exclude older versions
  explicitly or allow newer versions which may not be widely supported yet
  with the following options:</p>

<ul>
  <li><strong>Enable</strong>: Check the <strong>SSL 3.0</strong>, <strong>TLS
    1.0</strong>, <strong>TLS 1.1</strong>, and/or <strong>TLS 1.2</strong>
    boxes to indicate which protocol versions can be used for a secure
    connection to a server.</li>
</ul>

<p><strong>Notes</strong>:</p>

<ul>
  <li>At least one protocol version must be selected, thus it is not possible
    to uncheck the last remaining box.</li>
  <li>Also, the selection must be contiguous. It is not possible to select both
    SSL 3.0 and TLS 1.1 but to exclude the intermediate TLS 1.0 version.</li>
  <li>You can extend the range by multiple versions. For example, if only SSL
    3.0 is currently checked and you select TLS 1.2, the TLS 1.0 and TLS 1.1
    versions are automatically selected as well.</li>
  <li>Checkboxes may appear checked but grayed out if you cannot uncheck them
    without violating these rules. Uncheck the outermost boxes to regain
    access to an enclosed intermediate version.</li>
</ul>

<h3 id="ssl_warnings">SSL Warnings</h3>

<p>It&apos;s easy to tell when the website you are viewing is using an encrypted
  connection. If the connection is encrypted, the lock icon in the lower-right
  corner of the browser window is locked. If the connection is not encrypted,
  the lock icon is unlocked.</p>

<p>If you want additional warnings, you can select one or more of the warning
  checkboxes in the SSL preferences panel. Some people find these warnings
  annoying.</p>

<p>To activate any of these warnings, select the corresponding checkbox:</p>

<ul>
  <li><strong>Loading a page that supports encryption</strong>: Select this
    warning if you want to be reminded whenever you are loading a page that
    supports encryption.</li>
  <li><strong>Leaving a page that supports encryption</strong>: Select this
    warning if you want to be reminded whenever you are leaving a page that
    supports encryption for one that does not.</li>
  <li><strong>Sending form data from an unencrypted page to an unencrypted
    page</strong>: Select this warning if you want to be reminded whenever you
    are submitting data over an unencrypted connection. If you send unencrypted
    information over the Internet, it can easily be intercepted by other
    people.</li>
  <li><strong>Viewing a page with an encrypted/unencrypted mix</strong>:
    Select this warning if you want to be alerted whenever you are viewing a
    page that includes any information that&apos;s not encrypted.</li>
</ul>

<p>For short definitions, click
  <a href="glossary.xhtml#authentication">authentication</a>,
  <a href="glossary.xhtml#encryption">encryption</a>, or
  <a href="glossary.xhtml#certificate">certificate</a>.</p>

<p>For more information about ciphers and encryption, see the following online
  documents:</p>

<ul>
  <li>
    <a href="http://developer.mozilla.org/en/Introduction_to_Public-Key_Cryptography">Introduction
    to Public-Key Cryptography</a></li>
  <li>
    <a href="http://developer.mozilla.org/en/Introduction_to_SSL">Introduction
    to SSL</a></li>
  <li>
    <a href="http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html">Encryption
    Technologies Available in NSS 3.11</a>.</li>
</ul>

</body>
</html>
